Crooks Don't Need a Fancy Skimmer: They Can Just Tap an ATM's Network Cable

Not all ATM attacks need an elaborate skimmer. There’s a new technique doing the rounds, which involves hijacking the ethernet cable of an ATM to gather your card information.

Krebs on Security reports that NCR — the technology company that makes many of the pay-points and ATMs you use every day — has issued a warning about the new kind of attack. It uses a device that’s plugged into the machine’s network cable to harvest card details, while a PIN can be captured using a separate camera or keypad overlay. Such hardware has already been used to successfully attack NCR and Diebold ATMs, according to Krebs.

As you can see from the image, the attack’s been levelled at a standalone ATM, where access to the network cables is fairly straightforward. Cash machines built into the wall would, obviously, prove far harder to attack in this way.

The news adds yet another thing to look out for at ATMs. If you see anything suspicious on a network connection — let alone the card slot or keypad — don’t bother using the cash point. [Krebs on Security]